Saturday, January 28, 2023
  • Jan 2023 – FedRAMP, StateRAMP and CMMC 2.0 Roundup
  • USENIX Security ’22 – Lei Xue, Yangyang Liu, Tianqi Li, Kaifa Zhao, Jianfeng Li, Le Yu, Xiapu Luo, Yajin Zhou, Guofei Gu – ‘SAID: State-Aware Defense Against Injection Attacks On In-Vehicle Network’
  • What’s Now, What’s Next? A Deep Dive into Privacy Legislation in 2023
  • Data Privacy Day: The Importance of Managing Your Data Security Posture | Eureka Security
  • Overcoming Cyber Overwhelm: Three Security Goals to Focus on in 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Vulnerabilities 

Home » Cybersecurity » Threats & Breaches » Vulnerabilities » Developing an Effective Change Management Program

SBN

Developing an Effective Change Management Program

by Chris Orr on May 23, 2019

Detection of change is easy… There, I said it. Anyone can do it. One thousand monkeys with keyboards can pound out scripts to detect change. What is not so easy, what the monkeys can’t do, is reconcile change. Even worse, it’s usually the monkeys who make the changes that bring everything crashing down around your knees.

TechStrong Con 2023Sponsorships Available

It’s the reconciliation of change that most organizations have the most trouble with. What was the change? When was it made? Who made it? Was it authorized?

Welcome to change management.

These are all questions that most folks struggle with. Especially that last one. In the early days of tech, it was a Wild Wild West mentality where speed was of the essence. If something needed to be done, the admins would just reach their little monkey hands into the server and do what needed to be done. To hell with the consequences.

When things worked out, the admin was the hero. When they didn’t, the admin would quietly hide behind the anonymity of being one of a thousand monkeys. Sometimes, if something broke, the hero would emerge from the smoking carcass of the server with the fix in hand. However, one of my old CTOs had a saying:

“The person who saved the ship is usually the person who started sinking it in the first place.”

Now, in many organizations, some processes exist for change management – not because they want to but because they have to. Some groups/governments/industries say they need it. PCI DSS, SOX and NERC/CIP are all examples of producing standards that tell you that you need to be able to detect change. Hell, I made a career selling software that allowed them to check that little box.

But what I have seen over the course of that (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Orr. Read the original post at: https://www.tripwire.com/state-of-security/vulnerability-management/developing-an-effective-change-management-program/

May 23, 2019May 23, 2019 Chris Orr change, Detection, Featured Articles, management, NERC CIP, PCI DSS, Vulnerability Management
  • ← Chrome Tightens CSRF Protection
  • Free Decryptor Released for GetCrypt Ransomware →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

What is PSaaS and is it Worthwhile?
The Security Challenges of API Sprawl
CyberInsurance Predictions for 2023
PayPal Credential Stuffing Attacks Renew Calls for MFA
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
Multi-factor Authentication
PayPal Breach 2023: Tip of the Iceberg
The cyber security environment in 2022- What did we learn?
Cryptocurrencies: How have they influenced cybercrime?
Administrator of RSOCKS Proxy Botnet Pleads Guilty

Upcoming Webinars

Tue 31

Moving Beyond SBOMs to Secure the Software Supply Chain

January 31 @ 11:00 am - 12:00 pm
Tue 31

Live-Hacking Container Workloads on AWS

January 31 @ 1:00 pm - 2:00 pm
Feb 01

Achieving DevSecOps: Reducing AppSec Noise at Scale

February 1 @ 1:00 pm - 2:00 pm
Feb 13

AI in Machine Learning

February 13 @ 1:00 pm - 2:00 pm
Feb 15

Understanding Cyber Insurance Identity Security Requirements for 2023

February 15 @ 11:00 am - 12:00 pm
Feb 15

Where Will DevSecOps ‘Shift’ Next?

February 15 @ 1:00 pm - 2:00 pm
Feb 21

Headwinds, Crosswinds and Tailwinds: Securing the Cloud in Turbulent Times

February 21 @ 1:00 pm - 2:00 pm
Feb 22

Best Practices to Secure Your Software Supply Chain

February 22 @ 1:00 pm - 2:00 pm
Feb 28

SaaS-Based Container Networking and Security on Amazon EKS

February 28 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Industry Spotlight

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

January 23, 2023 Richi Jennings | Jan 23 0
T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks
Analytics & Intelligence API Security Careers Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

January 20, 2023 Richi Jennings | Jan 20 0
APIs in Vehicle Software Vulnerable to Attacks
API Security Application Security Cybersecurity Data Security Featured Industry Spotlight Malware Security Boulevard (Original) Threat Intelligence Vulnerabilities 

APIs in Vehicle Software Vulnerable to Attacks

January 18, 2023 Sue Poremba | Jan 18 0

Top Stories

Chainguard Unveils Memory-Safe Linux Distribution
Application Security Cybersecurity Featured Mobile Security Network Security News Security Awareness Security Boulevard (Original) Spotlight 

Chainguard Unveils Memory-Safe Linux Distribution

January 27, 2023 Michael Vizard | 1 day ago 0
‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

January 27, 2023 Richi Jennings | 1 day ago 0
More Details of LastPass Breach: Hackers Used Stolen Encryption Key
Analytics & Intelligence Cloud Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

More Details of LastPass Breach: Hackers Used Stolen Encryption Key

January 27, 2023 Teri Robinson | 1 day ago 0

Security Humor

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.